Merge branch 'jk/connect-clear-env' into maint

The ssh transport, just like any other transport over the network,
did not clear GIT_* environment variables, but it is possible to
use SendEnv and AcceptEnv to leak them to the remote invocation of
Git, which is not a good idea at all.  Explicitly clear them just
like we do for the local transport.

* jk/connect-clear-env:
  git_connect: clarify conn->use_shell flag
  git_connect: clear GIT_* environment for ssh
This commit is contained in:
Junio C Hamano 2015-10-16 14:32:35 -07:00
commit a3bbfe5d00
2 changed files with 49 additions and 10 deletions

View File

@ -724,10 +724,13 @@ struct child_process *git_connect(int fd[2], const char *url,
strbuf_addch(&cmd, ' '); strbuf_addch(&cmd, ' ');
sq_quote_buf(&cmd, path); sq_quote_buf(&cmd, path);
/* remove repo-local variables from the environment */
conn->env = local_repo_env;
conn->use_shell = 1;
conn->in = conn->out = -1; conn->in = conn->out = -1;
if (protocol == PROTO_SSH) { if (protocol == PROTO_SSH) {
const char *ssh; const char *ssh;
int putty, tortoiseplink = 0; int putty = 0, tortoiseplink = 0;
char *ssh_host = hostandport; char *ssh_host = hostandport;
const char *port = NULL; const char *port = NULL;
transport_check_allowed("ssh"); transport_check_allowed("ssh");
@ -750,13 +753,17 @@ struct child_process *git_connect(int fd[2], const char *url,
} }
ssh = getenv("GIT_SSH_COMMAND"); ssh = getenv("GIT_SSH_COMMAND");
if (ssh) { if (!ssh) {
conn->use_shell = 1;
putty = 0;
} else {
const char *base; const char *base;
char *ssh_dup; char *ssh_dup;
/*
* GIT_SSH is the no-shell version of
* GIT_SSH_COMMAND (and must remain so for
* historical compatibility).
*/
conn->use_shell = 0;
ssh = getenv("GIT_SSH"); ssh = getenv("GIT_SSH");
if (!ssh) if (!ssh)
ssh = "ssh"; ssh = "ssh";
@ -766,8 +773,9 @@ struct child_process *git_connect(int fd[2], const char *url,
tortoiseplink = !strcasecmp(base, "tortoiseplink") || tortoiseplink = !strcasecmp(base, "tortoiseplink") ||
!strcasecmp(base, "tortoiseplink.exe"); !strcasecmp(base, "tortoiseplink.exe");
putty = !strcasecmp(base, "plink") || putty = tortoiseplink ||
!strcasecmp(base, "plink.exe") || tortoiseplink; !strcasecmp(base, "plink") ||
!strcasecmp(base, "plink.exe");
free(ssh_dup); free(ssh_dup);
} }
@ -782,9 +790,6 @@ struct child_process *git_connect(int fd[2], const char *url,
} }
argv_array_push(&conn->args, ssh_host); argv_array_push(&conn->args, ssh_host);
} else { } else {
/* remove repo-local variables from the environment */
conn->env = local_repo_env;
conn->use_shell = 1;
transport_check_allowed("file"); transport_check_allowed("file");
} }
argv_array_push(&conn->args, cmd.buf); argv_array_push(&conn->args, cmd.buf);

34
t/t5507-remote-environment.sh Executable file
View File

@ -0,0 +1,34 @@
#!/bin/sh
test_description='check environment showed to remote side of transports'
. ./test-lib.sh
test_expect_success 'set up "remote" push situation' '
test_commit one &&
git config push.default current &&
git init remote
'
test_expect_success 'set up fake ssh' '
GIT_SSH_COMMAND="f() {
cd \"\$TRASH_DIRECTORY\" &&
eval \"\$2\"
}; f" &&
export GIT_SSH_COMMAND &&
export TRASH_DIRECTORY
'
# due to receive.denyCurrentBranch=true
test_expect_success 'confirm default push fails' '
test_must_fail git push remote
'
test_expect_success 'config does not travel over same-machine push' '
test_must_fail git -c receive.denyCurrentBranch=false push remote
'
test_expect_success 'config does not travel over ssh push' '
test_must_fail git -c receive.denyCurrentBranch=false push host:remote
'
test_done